US-8799874

Static analysis of computer software applications

Published: August 5, 2014
Assignee: not available in the USPTO data
Inventors: not available in the USPTO data
Technical Abstract

Static analysis of a computer software application can be performed by applying a first level of abstraction to model a plurality of run-time objects, thereby producing a set of object abstractions. Static data-flow analysis of the computer software application can be performed using the set of object abstractions, thereby producing a first data-flow propagation graph. A data-flow bottleneck can be identified within the data-flow propagation graph. A second level of abstraction can be applied to model any of the run-time objects having in the set of object abstractions a corresponding object abstraction that is traceable to the data-flow bottleneck. Applying the second level of abstraction decomposes the corresponding object abstraction into a set of object abstractions, thereby modifying the set of object abstractions. Static data-flow analysis of the computer software application can then be performed using the modified set of object abstractions.

Patent Claims
19 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A computer-implemented method comprising: a computer applying a first level of abstraction to model a plurality of run-time objects of a computer software application to produce a set of object abstractions of the run-time objects; the computer producing a first data-flow propagation graph using the set of object abstractions; the computer identifying a data-flow bottleneck at control locations within the first data-flow propagation graph; the computer applying a second level of abstraction to model any of the said run-time objects which are identified as created or returned by factory methods and having in the set of object abstractions a corresponding object abstraction that is traceable to the data-flow bottleneck, based on corresponding allocation sites and call sites that call factory methods encompassing the corresponding allocation sites, where applying the second level of abstraction decomposes the corresponding object abstraction into a plurality of object abstractions, thereby producing a modified set of object abstractions; the computer performing static data-flow analysis of the computer software application using the modified set of object abstractions; the computer invocating one of the factory methods at least two times, comprising a first invocation and a second invocation; the computer performing the first invocation using an untrusted argument; the computer performing the second invocation without using an untrusted argument, wherein if a static security analysis were performed using a data-flow propagation graph from the first invocation and the second invocation without using the modified set of object abstractions, a false positive report of a security vulnerability would result assuming that by default the statistic security analysis conservatively views two instances as being one for a same abstract object, wherein said method avoids the false positive report by modeling the factory method by applying a further level of abstraction, as opposed to modeling the factory method as a single abstract object.

2. The method of claim 1, where the identifying comprises identifying where the data-flow bottleneck is traceable to an object abstraction of a run-time object allocated by an allocation statement within the factory method, where a value defined by the allocation statement is returned by the factory method.

3. The method of claim 1 where the performing static data-flow analysis of the computer software application using the modified set of object abstractions comprises modifying the data-flow propagation graph, and further comprising iteratively performing the identifying, applying, and performing the static data-flow analysis using the modified set of object abstractions until a termination condition is met.

4. The method of claim 3 where the termination condition is met: when a predefined number of iterations greater than two is reached, when no additional data-flow bottlenecks are identified in the data-flow propagation graph, or when two successive versions of the data-flow propagation graph are identical.

5. The method of claim 1, wherein the factory methods are written in one or more object-oriented programming languages, wherein the factory methods create instances of a particular class or type sub-hierarchy, wherein each of the factory methods has multiple invocations, where each of the multiple invocations represents a different control flow path that results in a different instance of the same class, wherein use of the set of object abstractions for the static data flow analysis prevents problems with incorrect status analysis from a first invocation of the factory methods using an untrusted argument and a second invocation of the factory methods not using an untrusted argument.

6. The method of claim 1 where the performing static data-flow analysis of the computer software application using the modified set of object abstractions comprises replacing the data-flow propagation graph with a new data-flow propagation graph.

7. The method of claim 6 where the termination condition is met when a predefined number of iterations greater than two is reached.

8. The method of claim 6 where the termination condition is met when no additional data-flow bottlenecks are identified in the data-flow propagation graph.

9. The method of claim 6 where the termination condition is met when two successive versions of the data-flow propagation graph are identical.

10. The method of claim 1 where the applying, performing, and identifying are implemented in at least one of a) computer hardware, and b) computer software embodied in a non-transitory, computer-readable storage medium.

11. The method of claim 1 wherein the producing comprises producing the first data-flow propagation graph having nodes that represent control locations within the computer software application, and edges that represent data flow across the control locations.

12. The method of claim 11 wherein the identifying comprises identifying the data-flow bottleneck at control locations within the data-flow propagation graph.

13. The method of claim 2 wherein the identifying comprises identifying whether the data-flow bottleneck is due to an allocation statement.

14. The method of claim 2 where the applying comprises iteratively applying abstractions to model a run-time object whose abstraction is traceable to the identified data-flow bottleneck until a predefined termination condition is met.

15. A method comprising: a computer invocating one of a plurality of factory methods at least two times, comprising a first invocation and a second invocation; the computer performing the first invocation using an untrusted argument; the computer performing the second invocation without using an untrusted argument wherein if a static security analysis were performed using a data-flow propagation graph from the first invocation and the second invocation without using the modified set of object abstractions, a false positive report of a security vulnerability would result assuming that by default the statistic security analysis conservatively views two instances as being one for a same abstract object, wherein said method avoids the false positive report by modeling the factory method by applying a further level of abstraction, as opposed to modeling the factory method as a single abstract object; responsive to the first and the second invocating, the computer applying a first level of abstraction to model a plurality of run-time objects of a computer software application to produce a set of object abstractions of the run-time objects for the one factory method; the computer producing a first data-flow propagation graph using the set of object abstractions; the computer identifying a data-flow bottleneck at control locations within the first data-flow propagation graph; the computer determining whether the data-flow bottleneck is traceable to an abstraction of run-time objects; the computer applying a second level of abstraction to model any of the said run-time objects which are identified as created or returned by factory methods and having in the set of object abstractions a corresponding object abstraction that is traceable to the data-flow bottleneck, based on corresponding allocation sites and call sites that call factory methods encompassing the corresponding allocation sites, where applying the second level of abstraction decomposes the corresponding object abstraction into a plurality of object abstractions, thereby producing a modified set of object abstractions wherein use of the first and second levels of abstractions avoids a false-positive report of a security vulnerability from being generated by a static data-flow analysis of the computer software application; and the computer performing static data-flow analysis of the computer software application using the modified set of object abstractions to replace the data-flow propagation graph with a modified data flow propagation graph.

16. The method of claim 15 wherein the performing static data-flow analysis of the computer software application using the modified set of object abstractions until a termination condition is met.

17. The method of claim 16 where the termination condition is met when no additional data-flow bottlenecks are identified in the data-flow propagation graph.

18. A method comprising: a computer applying a first level of abstraction to model a plurality of run-time objects of a computer software application to produce a set of object abstractions of the run-time objects; the computer producing a first data-flow propagation graph using the set of object abstractions; the computer identifying a data-flow bottleneck at control locations within the first data-flow propagation graph; the computer applying a second level of abstraction to model any of the said run-time objects which are identified as created or returned by factory methods and having in the set of object abstractions a corresponding object abstraction that is traceable to the data-flow bottleneck, based on corresponding allocation sites and call sites that call factory methods encompassing the corresponding allocation sites, where applying the second level of abstraction decomposes the corresponding object abstraction into a plurality of object abstractions, thereby producing a modified set of object abstractions; the computer determining whether the data-flow bottleneck is traceable to an abstraction of run-time objects; the computer applying a second level of abstraction to model any of the run-time objects of which abstractions which are identified as created or returned by factory methods and having in the set of object abstractions a corresponding object abstraction that is traceable to the data-flow bottleneck, based on corresponding allocation sites and call sites that call factory methods encompassing the corresponding allocation sites, where applying the second level of abstraction decomposes the corresponding object abstraction into a plurality of object abstractions, thereby producing a modified set of object abstractions; the computer performing static data-flow analysis of the computer software application using the modified set of object abstractions to produce a second data-flow propagation graph, wherein the first data-flow propagation graph is replaced by the second data-flow propagation graph; the computer invocating one of the factory methods at least two times, comprising a first invocation and a second invocation; the computer performing the first invocation using an untrusted argument; the computer performing the second invocation without using an untrusted argument, wherein if a static security analysis were performed using a data-flow propagation graph from the first invocation and the second invocation without using the modified set of object abstractions, a false positive report of a security vulnerability would result assuming that by default the statistic security analysis conservatively views two instances as being one for a same abstract object, wherein said method avoids the false positive report by modeling the factory method by applying a further level of abstraction, as opposed to modeling the factory method as a single abstract object.

19. The method of claim 18, further comprising iteratively performing the identifying, applying, and performing the static data-flow analysis using the modified set of object abstractions until a termination condition is met.
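As an added illustration (not code from the patent or its assignee) of the false positive the abstract and claims 1 and 15 describe, and of the iterative refinement in claims 3 and 4: a toy taint analysis in Python over a constructed mini-IR, where a factory method invoked once with an untrusted argument and once without is first modelled as one abstract object per allocation site (merging both flows into a data-flow bottleneck) and then decomposed per call site, which removes the spurious finding. The IR, variable names and sample program are constructed for the example.

```python
# Added example (not the patent's code): allocation-site abstraction vs. the
# call-site decomposition of US-8799874, on a constructed mini-IR:
#   ("call", dst, factory, arg, site)  dst = factory(arg) at call site `site`;
#                                      the factory stores arg in field f of a new object
#   ("sink", var)                      security-sensitive use of var.f

SOURCES = {"untrusted"}                  # tainted inputs (constructed)
FACTORIES = {"make": "alloc@make"}       # factory -> allocation site inside it
PROGRAM = [
    ("call", "c1", "make", "untrusted", "cs1"),  # first invocation: untrusted argument
    ("call", "c2", "make", "const", "cs2"),      # second invocation: trusted argument
    ("sink", "c2"),                              # only c2.f reaches the sink
]

def abstract_object(alloc_site, call_site, refined):
    """Level 1: one abstraction per allocation site (all factory results merge).
    Level 2: for sites in `refined`, decompose by the call site of the factory."""
    return (alloc_site, call_site if alloc_site in refined else None)

def analyze(program, refined=frozenset()):
    """Taint propagation over the abstract heap. Returns (findings, bottlenecks):
    findings are sink variables reading a tainted field; a bottleneck is an
    abstract object into which both tainted and untainted flows were merged."""
    var_to_obj, tainted, flows, findings = {}, set(), {}, []
    for stmt in program:
        if stmt[0] == "call":
            _, dst, factory, arg, site = stmt
            obj = abstract_object(FACTORIES[factory], site, refined)
            var_to_obj[dst] = obj
            flows.setdefault(obj, set()).add(arg in SOURCES)   # taint status of each write
            if arg in SOURCES:
                tainted.add(obj)                               # obj.f := tainted value
        elif var_to_obj[stmt[1]] in tainted:                   # sink reads a tainted field
            findings.append(stmt[1])
    bottlenecks = {obj for obj, kinds in flows.items() if kinds == {True, False}}
    return findings, bottlenecks

def refine_until_stable(program, max_iter=5):
    """Analyze, decompose the allocation sites behind any bottleneck, and repeat
    until no new bottleneck appears or the iteration cap is reached (claims 3 and 4)."""
    refined = set()
    for i in range(1, max_iter + 1):
        findings, bottlenecks = analyze(program, refined)
        new_sites = {alloc for alloc, _ in bottlenecks} - refined
        if not new_sites:
            return findings, refined, i
        refined |= new_sites
    return findings, refined, max_iter
```

With the level-1 abstraction alone, `analyze(PROGRAM)` reports `c2` because both invocations collapse into the single object `("alloc@make", None)`; after refinement, `c1` and `c2` map to distinct objects and the report disappears.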


Patent Metadata

Filing Date

March 5, 2012

Publication Date

August 5, 2014
